Category Archives: For Business

What Is EDR and Why Is It Important?

Oftentimes, your organization’s endpoints can become key entry points for cyber attackers. With the evolution of workplace mobility and employees connecting to the Internet from their off-site endpoints across the globe, it should come as no surprise that devices are becoming increasingly vulnerable. And without the proper cybersecurity protection measures in place, malicious hackers can easily take advantage of any existing vulnerabilities. This is why the need for enhanced security tools that surpass traditional Firewalls and Antivirus solutions has emerged as an undeniably top priority for organizations large and small. EDR (short for Endpoint Detection and Response) is the term that encompasses threat hunting, prevention, and detection tools and has become the golden standard in cybersecurity.

In this article, I will try to elude what Endpoint Detection and Response (EDR) is and why it has become a vital part of your business.

Cybercriminals do their utmost to successfully target and attack your company’s endpoints for various reasons. They might want to exfiltrate your data or hold it for ransom, override your machines, exploit them in a botnet and conduct DDoS attacks, and much more.

What does EDR mean?

The term EDR stands for Endpoint Detection and Response (or Endpoint Threat Detection & Response). It was coined in 2013 by Anton Chuvakin, former VP and security analyst at Gartner, now security product strategist at Google:

“After a long agonizing process that involved plenty of conversations with vendors, enterprises and other analysts, I have settled on this generic name for the tools primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints: Endpoint Threat Detection & Response.” – Anton Chuvakin, Gartner’s blog

Essentially, Endpoint Detection Response (EDR) systems have been created to detect and actively respond to sophisticated malware and cyber-attacks. EDR solutions can recognize suspicious patterns that can be further investigated later on. As implied by their name, these tools have been designed specifically for endpoints (and not networks).

Why is EDR important?

Compared to traditional security solutions, EDR provides enhanced visibility into your endpoints and allows for faster response time.

Furthermore, EDR tools detect and protect your organization from advanced forms of malware (such as polymorphic malware), APTs, phishing, etc. It’s also worth mentioning that EDR solutions are based upon machine learning algorithms designed to spot yet unknown types of malware, which will subsequently make behavior-based categorization decisions.

In essence, if certain files seem to behave maliciously (and similar to already known kinds of malware), they will not manage to bypass EDR solutions.

EDR vs. Antivirus – What’s the difference?

In the past, a traditional Antivirus solution may have sufficed to cover the protection of your endpoints. But as malware evolved into more advanced and pervasive forms, it became clear that Antivirus was no longer enough and that prevention and detection mechanisms needed to keep up with the ever-evolving threatscape.

EDR solutions have several unique features and benefits which conventional Antivirus programs do not deliver.

Compared to the novel EDR systems, traditional Antivirus solutions are simpler in nature and should be seen as an important component of EDR.

Normally, Antivirus tools accomplish basic tasks such as scanning, detection, malware remover.

On the other hand, EDR is superior to the traditional Antivirus (which uses signature-based threat detection methods). EDR tools are much broader in scope and should include multiple security layers such as attack blocking, patching, exploit blocking, firewall, whitelisting/blacklisting, full category-based blocking, admin rights management, and a next-gen Antivirus.

EDR security solutions are therefore more suitable for today’s businesses as the traditional Antivirus has become an archaic security tool in terms of guaranteeing complete security.

Simple Antivirus protection is no longer enough.

Thor Premium Enterprise

is the multi-layered Endpoint Detection and Response (EDR) approach
to organizational defense.

Next-gen Antivirus which stops known threats;
DNS traffic filter which stops unknown threats;
Automatic patches for your software and apps with no interruptions;
Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today Offer valid only for companies.

The main characteristics and benefits of EDR

The features of Endpoint Detection and Response tools can vary from vendor to vendor, yet we can notice a few main characteristics that define EDR and that are considered essential. Each tool can have a certain degree of sophistication, but below I would like to point out the five major characteristics of EDR:

#1. Integration with multiple tools

EDR solutions always come in multiple tools/layers. They feed intelligence into each other to successfully protect your organization from multiple angles.

#2. Alerts, reporting, and a unified overview of your environment

A dashboard that provides access to your endpoints’ protection status should be a mandatory feature of any EDR solution. At the same time, you should be able to receive timely alerts and have the capability to identify and monitor endpoint security threats and vulnerabilities.

Also, running reports for compliance purposes is a crucial aspect of all EDR tools.

#3. Advanced response capabilities and automation

An EDR technology should provide you with specialized tools for assessing and reacting to security incidents, including prevention, detection, threat intelligence, and forensics. At the same time, automation capabilities are essential.

#4. Global availability

EDR should allow you not to be dependent on platform constraints and be able to manage your environment wherever you or your teams are, at the time of your choosing.

#5. Prevention

Last in order but not of importance, an effective EDR technology must offer prevention methods and adaptive protection against next-generation malware, based on behavioral analysis of incoming and outgoing traffic in your organization, in order to prevent and mitigate attacks that cannot be detected by reactive solutions like an Antivirus.

Why Is Heimdal^TM’s EDR technology the best on the market? Introducing E-PDR, the next-gen approach to EDR.

We’ve combined an Endpoint Protection Platform (EPP) with Endpoint Detection and Response (EDR) and achieved what we consider to be the golden standard in cybersecurity: E-PDR (Endpoint Prevention, Detection, and Response).

Below I will discuss the numerous ways in which you can benefit from our E-PDR technology, superior to other existing EDR tools.

First of all, Heindal^TM’s EDR brings you real-time proactive security via DNS filtering, smart threat hunting, proactive behavioral detection, automated patch management, a next-gen Antivirus, and a module for automated admin rights escalation/de-escalation procedures. Thus, we deliver a layered security approach within a single and lightweight agent. Our customers get access to next-gen endpoint threat prevention and protection from existing and undiscovered threats, plus a market-leading detection rate and compliance, all in one package.

System admins waste 30% of their time manually managing user rights or installations.

Thor AdminPrivilege™

is the automatic Privileged Access Management (PAM) solution
which frees up huge chunks of sys-admin time.

Automate the elevation of admin rights on request;
Approve or reject escalations with one click;
Provide a full audit trail into user behavior;
Automatically de-escalate on infection;

Try it for FREE today Offer valid only for companies.

By combining Thor Foresight Enterprise and Thor Vigilance Enterprise you will obtain proactive IOCs and enhanced IOAs and gain a unique EDR ability to mitigate even concealed or unknown malware.

Secondly, our dashboard always provides you with notifications and warnings for all active clients. It offers real-time threat and status reporting, delivered in the interval of your choosing. Your data will be graphed and scaled daily, weekly, or monthly and it can also be integrated into SIEM via API. The Heimdal^TMSecurity Unified Threat Dashboard (UTD) stores the entire history throughout your customer lifecycle and helps you perform compliance audits and risk assessments. Alongside weekly reports, data exports, e-mail alerts, and built-in data drill down, the Heimdal^TM UTD offers a powerful yet simple way to manage your environment.

Our platform also enables you to define policies for each of your components in great detail. For example, you can refine the blacklisting of websites, files, processes, or patches per active directory group of your Heimdal^TM environment. This will give you the powerful option to individually tailor your IT environment and create policies to fit your exact needs across the Active Directory groups in your organization. Once configured, the Heimdal^TM deployment is simple and easy and can happen through any MSI deployment tool.

Thirdly, because we’ve taken into consideration the evolving needs of the global enterprise, our E-PDR technology works anytime and anywhere in the world, for both on-site and remote work set-ups.

Last but not least, our multi-layered security suite combined into our E-PDR system comes in a user friendly and easy to deploy agent, that will be extremely lightweight on your systems and will certainly become the greatest time-saver for your sysadmins.

Conclusion

No matter which EDR solution you end up choosing, make sure it can be scaled up and down and that it fits your organization’s needs.

Should you want to try out our EDR technology, please register on the website or contact us as sales.inquiries@heimdalsecurity.com.

The post What Is EDR and Why Is It Important? appeared first on Heimdal Security Blog.

Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Admin Rights Abuse

The May 2020 Patch Tuesday security updates have recently been released, with 111 patched vulnerabilities related to 12 different Microsoft products, such as Windows, Edge, Visual Studio, and the .NET Framework. The tech giant issued 115 patches in March and 113 in April this year and the May 2020 edition turned out to be the third-largest Patch Tuesday ever seen. This month’s batch did not contain any zero-days.

As always, Heimdal^TM Security advises you to apply these patches at your earliest convenience. None of the bugs have been identified as being actively exploited or mentioned until now. Still, if you’re running Windows on your endpoints, it’s high time to get these security flaws patched.

Read on to learn more about the May 2020 Patch Tuesday.

May’s 2020 batch of Microsoft patches, the third-biggest ever released

May is the third month in a row when Microsoft rolled out patches on its operating system and associated software for more than 110 security vulnerabilities. Luckily, there don’t seem to be any zero-day vulnerabilities to be fixed. However, there are certain bugs in Windows that need to be kept in mind and addressed.

At least 16 of the vulnerabilities are marked as “Critical,” indicating they can be abused by cybercriminals to install malware or gain remote control of compromised systems with little to no user intervention.

Significant vulnerabilities to be noted

Below we’ve listed a few instances you should consider.

This month, Microsoft fixed three critical Microsoft Edge vulnerabilities which could enable intruders to execute remote code by tricking users into visiting their specially created website. If abused, these flaws might allow malicious hackers to execute commands with full admin rights on the targeted device. At the same time, a bug in the Color Management Module (ICM32.dll) allows code execution after cybercriminals would have fooled users into accessing infected websites. Also, a remote code execution vulnerability can be noticed in Windows.

CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability

Under this scenario, there is an elevation of privilege risk as Microsoft Edge does not fully implement cross-domain policies, which could enable intruders to access and inject data from one domain into another.

Attackers would have to host a malicious website used to exploit the vulnerability. In any case, though, intruders will have no means to force users to access information that is manipulated by the criminals and they would have to trick people into clicking a link that redirects the victims to the attackers’ website.

An intruder who abuses this flaw successfully can escalate privileges in affected versions of Microsoft Edge. This security update addresses the vulnerability by making sure Microsoft Edge enforces cross-domain policies correctly.

CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability

Should attackers convince users to access a malicious link, the attackers’ website “could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services”.

This patch fixes a bug by changing how HTTP responses are parsed via Microsoft Edge.

CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability

The CVE-2020-1096 vulnerability refers to the way Microsoft Edge handles objects in memory. More precisely, this vulnerability has the potential to corrupt memory, enabling malicious actors to execute arbitrary code on the machine.

Once successfully exploited, the bug would allow attackers to obtain the same user rights as the victim. Should the current user be logged on with full admin rights, the cybercriminal could completely take over the affected endpoint and perform malicious actions.

This kind of attack could be triggered if users are tricked into accessing the attackers’ website, where malicious PDF content would have to be stored.

CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability

This bug is connected to the faulty way in which the Color Management Module (ICM32.dll) handles objects in memory. Users with full admin rights are heavily impacted, since the vulnerability would permit malicious hackers to completely take control of the targeted systems, allowing them to “install programs; view, change, or delete data; or create new accounts with full user rights”.

Similar to the abovementioned attack scenarios leveraged by this Patch Tuesday’s addressed vulnerabilities, in this case, users would also have to be fooled into entering malicious websites belonging to the attackers or opening infected email attachments.

CVE-2020-1067 | Windows Remote Code Execution Vulnerability

The newly released security update corrects the improper way in which Windows handles objects in memory. An intruder who effectively abused the flaw would able to run arbitrary code with elevated rights on a targeted machine. The attacker who has a domain user account may craft a specially designed request to exploit the bug, enabling Windows to run arbitrary code with elevated permissions.

Did you know that 100% of vulnerabilities in Microsoft browsers and 93% in Windows OS can be mitigated by removing local admin rights?

Our unique privileged access management (PAM) tool, Thor AdminPrivilege, allows you to efficiently manage admin rights inside your organization. It is the only solution that enables you to both escalate and de-escalate user privileges and the only tool that automatically de-escalates user rights on infected endpoints (when used in tandem with the Enterprise version of Thor Foresight, Thor Vigilance or Thor Premium).

System admins waste 30% of their time manually managing user rights or installations.

Thor AdminPrivilege™

is the automatic Privileged Access Management (PAM) solution
which frees up huge chunks of sys-admin time.

Automate the elevation of admin rights on request;
Approve or reject escalations with one click;
Provide a full audit trail into user behavior;
Automatically de-escalate on infection;

Try it for FREE today Offer valid only for companies.

Bottom Line

We would also like to remind you that many of the bugs patched in today’s Microsoft patch batch impact Windows 7 operating systems, which no longer receive security updates unless your company has signed up for the Microsoft’s Windows 7 Extended Security Updates (ESU) paid service. If you are still running Windows 7 on any of your devices, Heimdal^TM Security advises you to upgrade to Windows 10.

All of our Thor Foresight Enterprise and X-Ploit Resilience customers are always being provisioned in a timely manner with the latest Microsoft patches (both Windows and 3^rd party) in a timely manner. Sign up for a free demo to learn how automated patch management can add a powerful layer of defense to your organization.

Antivirus is no longer enough to keep an organization’s systems secure.

Thor Foresight Enterprise

Is our next gen proactive shield that stops unknown threats
before they reach your system.

Machine learning powered scans for all incoming online traffic;
Stops data breaches before sensitive info can be exposed to the outside;
Automatic patches for your software and apps with no interruptions;
Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today Offer valid only for companies.

The post Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Admin Rights Abuse appeared first on Heimdal Security Blog.

Back to Work After Lockdown: Cyber Risks of the Post-Pandemic Era

In the wake of China lifting some of its lockdown restrictions in the Wuhan province, most of the world is looking forward to getting back to ‘normal’. According to the World Health Organization, this transition from government-enforced lockdown to a quasi-repose state, should not be taken lightly nor perceived as a callback to ‘normalcy’.

As many epidemiologists pointed out, we have yet to reach the ‘infection’ peak, meaning that a second viral wave may be lurking around the corner. In the interim, with several European countries dropping part of the lockdown-specific rules, company-owners are making the necessary preparations to accommodate all the employees who were sent to work from home.

Many challenges lie ahead, most being related to (re)constructing a (the) work environment and how to achieve total compliance with the governmental recommendations/regulations – which, literally translates to how to keep your employees safe in the ‘Post-Pandemic Era’. The apostrophes are not poetic license – the coronavirus pandemic is far from over and it’s important to keep that in mind when you begin drafting the plans on how to bring everyone back to the office.

There is another consideration – your company’s cybersecurity factor. Up till now, your sysadmins were focused on making telecommuting work – configuring the network, installing additional equipment, researching remote work-specific software.

However, not that the employees will be returning to the office, the focus must shift back to on-site network admin, which, among other things, means getting up-to-speed with your cybersecurity policies (or lack of).

In this article, I am going to go over Heimdal Security’s return-to-the-office, cybersecurity recommendations. And because this is a race against time, I’m going to show you how to cut some corners (not in a bad way).

The post-pandemic era office

It’s only natural to have some reservations about going back to the office. After all, we did spend the last couple of months being told to stay at home, wash our hands, and practice social distancing. The idea of heading back to the office, while the coronavirus is still active, may seem foreboding. Perhaps even confusing – how can we even think about venturing into the world when the authorities are still struggling to contain COVID hotbeds that appear overnight?

Some WHO-associated sources mentioned something about the ‘death of normalcy’. In other words, we can never go back to what we believed was ‘normal’ because the very idea of ‘commonplaceness’ is what led us to this conundrum.

We need to change and that’s a fact. ‘But how?’ is the question du jour. Do we simply go back to our regular, and very mundane, 9-to-5 lives, knowing that the virus is still around? There’s no doubt that all of them are legitimate questions, which I will be addressing throughout this article.

Is it safe to go back to work? Health authorities from around the globe have already begun loosening the lockdown restrictions, allowing some industries to resume production. For instance, the Spanish health authorities, partly encouraged by the decrease in new coronavirus cases/casualties, have cleared the ‘restart’ for the construction and manufacturing industries.

On Monday, by ministerial decree, workers employed in these two sectors will return to work. I would like to remind the readers that Spain has been under lockdown since the middle of March.

Moreover, Spain is ranked fourth in deaths caused by the new coronavirus, after the United States, UK, and Italy. It’s encouraging news indeed, considering how hard this country was hit. Spain is not the only country to loosen its lockdown restrictions to stabilize the economy.

On the 25^th of April, three US states (Georgia, Alaska, and Oklahoma), have taken the first steps in loosening some of the lockdown orders, despite the US’s death toll is around 70,000 and climbing. Even life in China, which is considered the first coronavirus hotbed, is slowly returning to normal, with more business relaunching every single day.

Returning to the office is possible and feasible. However, it will look entirely different compared to what your employees had in mind.

First of all, as an employer, you are bound by law to take every necessary to ensure the safety of your workforce and help the health authorities stem the spread of this contagion. So, right from the start, two aspects need to be tackled: legal and health-related. Of course, an equally important aspect is cybersecurity. Let’s take a closer look at each of them.

Legal Implications of Returning to Work

According to the White House officials, employers can recall the staff on premises if they meet all the requirements laid down and enforced by federal, state, and local officials. The document in question is broken down into several sections, each of them addressing a certain social category (healthcare providers, employers, employees, specific employees, and businesses). Below, you will find an excerpt from the White House’s tri-phase plan.

Guidelines for all phases

Employers:

Develop and implement appropriate policies, per Federal, State, and local regulations and guidance, and informed by industry best practices, regarding:

Social distancing and protective equipment

Temperature checks

Sanitation

Use and disinfection of common and high-traffic areas

Business travel

Monitor the workforce for indicative symptoms. Do not allow symptomatic people to physically return to work until cleared by a medical provider.

Develop and implement policies and procedures for workforce contact tracing following employee COVID + test.”

Source: White House Gov – Opening America (Guidelines)

The European Union has also laid down strict guidelines regarding how employers should (re)act when recalling employees. According to the OSHwiki, EU’s plan of reopening businesses focuses:

Minimizing exposure to COVID-19 after recalling employees,
Updating your company’s risk assessment plan[i];
Adapting the environment’s layout as to comply with the health authorities’ recommendations regarding social distancing and other health-related concerns;
Identifying employees that are in the high-risk groups and creating a hazard-free work environment[ii];
Maintaining communication with your occupational health service;
Miscellaneous measures that can help your workforce cope with the changes produced by the coronavirus outbreak (i.e. a counselor to help your employees overcome anxiety, or depression, as side-effects of long-term isolation).

The same document also provides some insight on telework – bringing everybody back to the office at once would violate the social distancing rule. The obvious solution would be to allow some of your employees to continue working from home. In the long run, you can work out a rotation-based schedule to get everyone back.

Simple Antivirus protection is no longer enough.

Thor Premium Enterprise

is the multi-layered Endpoint Detection and Response (EDR) approach
to organizational defense.

Next-gen Antivirus which stops known threats;
DNS traffic filter which stops unknown threats;
Automatic patches for your software and apps with no interruptions;
Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today Offer valid only for companies.

Cybersecurity concerns in the Post-Pandemic Era

In terms of cybercrime, the coronavirus did nothing to stop or at least dilute the number of cyberattacks. Although in some countries the healthcare system is on the brink of collapse, that did not stop malicious actors from taking advantage of the confusion to stage debilitating ransomware attacks. The oil industry has also been targeted, as well as SMBs that fast-tracked the remote work initiative while sacrificing their cybersecurity posture.

Because I do a lot of research in the cyber-resilience area, I usually come across various forums where sysadmins ask all kind of security-related questions. In one thread, there was this sysadmin who said that his CEO ordered him to give every employee admin-type privilege before sending them to work from home. Needless to say, this type of praxis can lead to all manner of entanglements, not to mention the fact that you would be offering hackers several access points for data exfiltration.

This should be in a way construed as typical corona-related behavior. It goes further than that. Oftentimes, decision-makers, who lack cybersecurity training, will often make the mistake of overruling the sysadmin’s decisions in the area of security. A grave mistake, indeed, one that can cost companies millions of dollars.

Consider an alternative scenario – a lack of funding. An expanding startup just doesn’t have the financial needs to secure all the vital areas, leaving sysadmins to work with the tools they have on hands. Take patching, for instance. Nobody gives patching any attention until the company reaches the 20+ endpoint milestone. Then it becomes problematic, especially when there is only one sysadmin. What happens after that?

System administrators will use automatic patching and deployment solutions like WSUS and SCCM to ensure that are endpoints are running the latest Windows versions or that the proprietary software has been patched.

Even when you’re overseeing a 20+ endpoint network, using either one of those can create more issues than they can solve. This is not me putting the kibosh on Microsoft’s auto-patching, management, and deployment software, but, considering the speed that was required to set up a stable remote work network, SCCM and WSUS is simply not feasible.

Readers should remember that more than 80% of a machine’s vulnerabilities can be fixed through patching. Right now, the emphasis is on automatic tools that can deploy patches and updates on the fly.

Heimdal Security’s Thor Premium Enterprise, our company’s unique threat-hunting, and vulnerability remediation solution can help your sysadmin deploy updates and patches from anywhere in the world. Thor Premium Enterprise is a cloud-native solution, which means that you won’t have to worry about saving those patches/updates locally before they are applied.

Furthermore, on-demand, you can also add Infinity Management to your Thor Premium Enterprise suite. IM provides you with granular control over your endpoints and, most importantly, over what kind of software was installed on those machines. From there, you can force-install applications, roll back to a previous version, deploy and install proprietary software\update\patches, and much more.

Wrap-up

Back to work in the Post-Pandemic era? It is possible, but we have and need to follow some rules. As a company-owner, you have to guarantee the safety of your employees, no matter if it’s related to health or cybersecurity.

One sensible step towards reopening your business would be to work with the local authorities to make sure you meet all the requirements. Furthermore, you should also offer some degree of flexibility. Perhaps not all of them are thrilled at the thought of going back to the office considering that the coronavirus pandemic is far from over. Be mindful of your employees’ wishes and work with them to come up with the best solution.

[i] A company-wide analysis that must include a risk evaluation paper, risk control, safety measures, mitigation, risk management tools, and training.

[ii] If your office cannot guarantee the safety of your high-risk employees during regular office hours, it’s advisable to allow them to continue working from a home-type environment.

The post Back to Work After Lockdown: Cyber Risks of the Post-Pandemic Era appeared first on Heimdal Security Blog.

What Are the Main Vectors of Attack in Cybersecurity and How Do They Work?

Today’s dangerous cyber landscape demands all businesses to position themselves ahead of cybercriminals in order to maintain their safety. This always starts with identifying your weaknesses, understanding how your company may become compromised, and implementing the most appropriate prevention and detections methods that will help you achieve cyber resilience. But first, you have to understand what vectors of attack you can encounter that may disrupt your business.

What are vectors of attack?

Vectors of attack (or threat vectors) refer to the pathway that cyber attackers take to infiltrate your organization. In essence, an attack vector is a process or route a malicious hacker uses to reach a target, or in other words, the measures the attacker takes to conduct an attack.

Typically, attack vectors are intentional threats (rather than unintentional), as they do require some planning and analysis.

Various entities may exploit these vectors of attack, ranging from upset former employees to malicious hackers, cyber espionage groups, competitors, and more. Regardless of the person or group involved, they may either want to disrupt your business or steal your technology, confidential information or extort money from your employees. In any event, they will do their utmost to successfully utilize attack vectors and gain access to your systems.

Attack vectors vs. Attack surface

Attack vectors are the methods cybercriminals use to gain unauthorized access to a system, while an attack surface refers to the total number of attack vectors used by an intruder to control or steal data from your network or endpoints.

Attack vector examples in cybersecurity

Below I will briefly discuss the most common examples of vectors of attack that can threaten your organization.

#1. Insider Threats

Insider threat is one of the most common attack vectors. Still, not all types of insider threats are malicious, as naïve employees can sometimes inadvertently expose internal data. However, ill-intentioned individuals working for a company may intentionally disclose confidential information or plant malware, being fueled by various motives and for their own personal gain.

The most recent insider threat statistics reveal alarming issues that need to be considered and addressed by all organizations. For example, insider threats have increased by 47% in the past two years and 70% of organizations are witnessing more frequent insider attacks.

#2. Phishing

Phishing is merely one of many hats that social engineering wears. It involves manipulation tactics adopted by a malicious individual whose ultimate purpose is to trick employees into clicking on suspicious links, opening malware-infected email attachments, or giving away their login credentials.

The most insidious subtype of phishing is spear phishing, where very specific employees are observed in great detail only to be targeted later on by cybercriminals. This phenomenon is also part of the rising threat of Business Email Compromise (BEC), a highly sophisticated practice that can devastate companies of all sizes.

#3. Business partners

Third-party organizations can also become major vectors of attack in cybersecurity.

Some of the biggest security incidents and data breaches have been caused by vendors. Supply chain attacks are a common way for attackers to target a vendor’s customers. This is the reason why organizations large and small together with their business partners must foster a culture where cybersecurity best practices are shared and mutual transparency is demonstrated.

#4. Weak or compromised login credentials

Should your employees’ authentication credentials be too weak or become comprised, they may turn out to be an attacker’s surefire way to gain unauthorized access to your IT systems.

Usernames and passwords are the most popular form of authentication that can easily be abused through phishing, data leaks, and credential-stealing malware, giving intruders free access to your workers’ accounts.

Brute-force attacks (the practice through which attackers submit multiple passwords with the purpose of eventually guessing them) are also a serious vector of attack. In the wake of the novel coronavirus pandemic, Heimdal Security’s data has revealed that the number of brute-force attacks has increased exponentially. We have noticed a 5% increase in brute-force attacks after the majority of employees have started working from home.

#5. Ransomware / Malware

Ransomware continues to be a highly lucrative business for cybercriminals. Given its huge profits, it’s no surprise that ransomware has even developed into a “business” model – Ransomware as a Service. This allows it to become easily accessible even to people with rather poor technical skills but determined to profit from vulnerable users.

Unpatched vulnerabilities in your systems can allow ransomware to pass through. The most notorious ransomware attacks to date (such as WannaCry and NotPetya) could have been avoided if systems had been patched on time.

At the same time, the huge palette of other existing types of malware can facilitate the infiltration of malicious hackers inside your organization – think about worms, trojans, rootkits, adware, spyware, file-less malware, bots, and many more.

And do keep in mind that everything I’ve listed above refers to only a few vectors of attack that can affect your business.

How to protect your organization from threat vectors

Protecting your business from different attack vectors will not be difficult with the proper resources in place. Below I’ve included the main aspects you should focus on to reduce the risk of threat vectors and prevent potential future attacks.

#1. Educate your employees

We are strong advocates for continuous security education and we believe cybersecurity awareness training sessions should always be mandatory for your employees. Workers should hone their cybersecurity skills periodically, as prevention is key to keeping your business safe in today’s digital landscape. As long as cybercrime continues to thrive and be profitable, cybersecurity training should be a continuous journey inside your company.

Your workers must be taught to recognize the signs of phishing, BEC, how to create their passwords based on your internal password policy and avoid the most common password mistakes, identify different types of malware, and learn how to report cybersecurity incidents and potential threats. You can also try running phishing simulations to help them identify the tell-tale signs of phishing and avoid falling prey to these attacks.

#2. Apply the Principle of Least Privilege (PoLP)

Limiting your users’ rights to the lowest level possible that still allows them to successfully perform their tasks is the cornerstone of PoLP. This practice closes multiple security holes inside your organization, while it allows you to achieve granular control over the actions performed and eliminate the danger of insider threats.

For instance, Heimdal^TM Security’s Thor AdminPrivilege is a powerful Privileged Access Management (PAM) solution that simplifies the burdensome tasks of sysadmins who now have to manually escalate and de-escalate user permissions.

System admins waste 30% of their time manually managing user rights or installations.

Thor AdminPrivilege™

is the automatic Privileged Access Management (PAM) solution
which frees up huge chunks of sys-admin time.

Automate the elevation of admin rights on request;
Approve or reject escalations with one click;
Provide a full audit trail into user behavior;
Automatically de-escalate on infection;

Try it for FREE today Offer valid only for companies.

#3. Use the right cybersecurity tools

Sometimes, even the most knowledgeable employees (cybersecurity-wise) may accidentally click on malicious links or open infected email attachments. And in certain instances, cybercriminals are doing a great job masquerading as your employees’ superiors or other authoritative figures and manage to trick them into transferring large amounts of money to their accounts. For this reason, our Heimdal^TM Security experts have designed next-gen cybersecurity tools and technologies with very specific vectors of attack in mind, to help organizations avoid multiple attack scenarios.

Prevention, detection, and response are the bedrock of our philosophy. As it would be impossible to discover threats individually, we’ve gone beyond signature-based anti-malware solutions that only pick up known threats. As malware attack vectors are ever-growing in size and sophistication, we look at the Internet’s infrastructure to catch threats that traditional Antivirus don’t see. We’ve developed a highly sophisticated DNS filtering solution that blocks network communication to Command & Control servers, Ransomware, next-gen attacks, and data leakages.

At the same time, since we understand the burden of manual patching, we’ve combined Windows and 3^rd party software patch management into a single tool to help you remove the risk of unpatched software and systems, all at once.

Thor Premium Enterprise is our EPDR (Endpoint Prevention, Detection, and Response) solution, which combines DNS filtering, Automated Patch Management, and a next-gen Antivirus within a single interface so that you can have a complete overview on your environment.

Simple Antivirus protection is no longer enough.

Thor Premium Enterprise

is the multi-layered Endpoint Detection and Response (EDR) approach
to organizational defense.

Next-gen Antivirus which stops known threats;
DNS traffic filter which stops unknown threats;
Automatic patches for your software and apps with no interruptions;
Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today Offer valid only for companies.

To Sum Up

To evade threat vectors, organizations must simultaneously rely on an ongoing employee cybersecurity education and the proper tools.

Adopting a DNS-based approach to security, which analyzes and monitors network threats and is successful in detecting unknown malware and emerging threats is essential. At the same time, eliminating attack vectors related to unpatched software and systems, as well as properly managing admin rights will help you neutralize cyber threats before they damage your organization.

The post What Are the Main Vectors of Attack in Cybersecurity and How Do They Work? appeared first on Heimdal Security Blog.

Oil Industry Targeted by Elaborate Spearphishing Attacks Amid Fuel Crisis

With the cost of fuel hitting a new historic low, experts fear that this may be the beginning of a crisis unlike the world has ever seen before. Some believe that the coronavirus pandemic will have the same long-lasting effects on the global economy as the Second World War.

Despite the gallon hitting the $0.88 mark (according to the latest estimates), this brings little comfort to people living under Government-imposed lockdown. While Russia and Saudi Arabia are calling a truce on the so-called “price tussle”, in a bid to stabilize the rapidly declining market, malicious actors have declared total war on the oil industry.

In a relatively short timeframe, two massive spearphishing campaigns have been identified.

Cybersecurity researchers analyzing the incident stated that the multi-pronged attacks registered in late March and early April may have been used to gain sufficient momentum to conduct a larger and more devastating incursion.

The data made available so far reveals an unprecedented level of guile and cunningness, as the emails used during the said attacks are virtually free of errors that one would expect to find in spearphishing content.

Furthermore, the latest attacks, which targeted employees working in the oil and energy industry, are, no doubt, the advent of a new era of cyberaggression. Regrettably, the detection and mitigation methodology employed so far may prove to be useless against this new type of e-threat.

In this article, we are going to take a closer look at the two spearphishing attempts targeting the oil and energy industry. Moreover, we will also analyze occurrences, dispersal patterns, and discuss spearphishing-countering methods.

Case Study

ENPPI and the Rosetta Sharing Facilities Project

Some background information: on the 10^th of April, Russia and the OPEC+ alliance (Organization of the Petroleum Exporting Countries) has reached an agreement with G20 to address the rising oil prices and prevent what could very well be a financial catastrophe.

Ever since the World Health Organization declared the state of pandemic, the gas prices have plummeted, reaching an all-time historic low, even surpassing the one registered in 2002 (54.8 cents/gallon).

Major global events of this nature often attract opportunists and, of course, malicious actors willing to take the proverbial leap of faith, armed with the knowledge that organizations are now more vulnerable than ever before.

On the 31^st of March, a massive spearphishing attempt has been detected. According to the cyber-investigators, the campaign targeted high-value targets working with or at some major Philippines-based shipping companies.

The purpose of these high-profile spearphishing attacks was to deploy Agent Tesla-spun spyware, an infamous MaaS (Malware-as-a-Service) on the victims’ machines, to extract valuable information that could later be sold on the dark web.

The incident report reveals that the hackers behind this attack posed as ENPPI (Engineering for Petroleum and Process Industries, the Egyptian state-held oil company, to send fraudulent emails on behalf of Burullus, a legitimate, government-owned deep-sea drilling, and natural gas production.

The set of emails officially invited the targets to submit a firm bid for various materials and equipment, as part of the Rosetta Sharing Facilities Project.

The said emails themselves showcase an unprecedented level of guile – the message body was without spelling errors and even contained real data about the companies and the project. Enclosed in the email body were two zip-type attachments that were rigged to deliver the malicious Agent Tesla spyware Trojan payloads once the user opened them.

Taking a closer look at the attachments, the unpacked archives contain two types of executables – one entitled “BURULLUS “EPC WORKS FOR ROSETTA SHARING FACILITIES PROJECT.exe”, while the other one was named “WEIR OIL & GAS PROJECT NO. 4621-422-298-01-20.exe”.

Both were engineered to deploy malicious payload. Interestingly enough, further research reveals that the second executable was crafted specifically for this spearphishing attempt. The first one has been used in other schemes targeting high-profile targets from the oil and energy industry.

Case study

MT. Sinar Maluku spearphishing

The second spearphishing campaign took place just two days after the OPEC+ – G20 summit. Cybersecurity investigators were in awe when discovering that the emails involved in this spearphishing attempt contained real and auditable data.

From a chronological standpoint, the first spearphishing attempt has been registered on the 12^th of April, when a high-profile employee of a Philippines-based oil company received an ‘official’ email regarding a pending EPDA (Estimated Port Disbursement Account).

The recipient was to send the said document for Mt. Sinar Maluku, a real chemical/oil tanker, bound for Belawan. Moreover, the sender had reportedly asked for additional information regarding tanker ops such as the CFM (Container Flow Information).

The email contains a viral payload similar to the one used during the March spearphishing attack (Agent Tesla spyware). Attached to the email was a WinRAR archive which carried a Tesla-infected executable.

Pre-COVID Spearphishing Attacks in the Oil/Energy Industry

The coronavirus pandemic might as well be the advantage hackers were seeking to conduct spearphishing attacks, but the oil and energy industry has been affected long before the COVID outbreak. Here are the most notable events of pre-COVID spearphishing.

In 2019, LYCEUM, a malicious group has disseminated countless spear-phishing emails to high-profile targets in the oil ad gas industry. The emails in question contained a malicious .xlsm file, which was rigged with an Auto-run macro to deploy DanBot. The malware was used to capture keystrokes, monitor network traffic, and steal credentials.
In a report drafted in 2017, cybersecurity researchers revealed that hackers managed to tap into the power grid ops of several European- and US-based power facilities. The unauthorized access led to a chain of events, culminating with the group effectively shutting off the electricity to an entire neighborhood.
In 2018, a report drafted by Aon showed that a spearphishing attack led to a hydroelectric dam contractor losing control over the floodgate mechanisms. The malicious actors maintained their grip on the dam for more than 10 days until the contractor managed to purge the malware from all systems.

Antivirus is no longer enough to keep an organization’s systems secure.

Thor Foresight Enterprise

Is our next gen proactive shield that stops unknown threats
before they reach your system.

Machine learning powered scans for all incoming online traffic;
Stops data breaches before sensitive info can be exposed to the outside;
Automatic patches for your software and apps with no interruptions;
Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today Offer valid only for companies.

Countering Spearphishing attempts

With the threatscape shifting once again, the need for better tactics grows direr. Below, you will find a list of actionable countermeasures you can start implementing right away.

Continuous cybersecurity education

Education is key to preventing any type of cyberattack. When receiving emails that purportedly come from a legitimate source, one must ask himself if the actions suggested in the mail’s body could compromise the company’s security.

For instance, in the case of the two spearphishing attack, the best approach would have been to analyze the attachments before opening them. If they are true, documents, why should they have a .exe extension? Moreover, when receiving such requests, you should confirm them with your case manager or your CEO.

Upgrade your cyber-defenses

Agent Tesla and other MaaSs need C&C servers to operate. The best way to counter this is DNS traffic filtering. More specifically, you will need a solution that effectively blocks the malicious connection to the server before sanitizing your device.

Thor Foresight Enterprise, Heimdal Security’s response to second-generation malware can root out the malicious packets hidden within a transmission and sever the connection to the Command & Control servers the hackers use to steal data from compromised devices.

Download and execute suspicious attachments in a controlled environment

To ensure that the attachments found inside an email are legit, it’s recommended to execute them in a secure environment to see how they behave. This piece of info comes with a warning label: please do not make this attempt before informing your system administrator.

More than that, ensure that the ‘sandboxing’ environment is isolated from the rest of the network before proceeding. The easiest way to do this is by installing a virtual machine on a dedicated server.

There are plenty of tools out there that can help you set up a VM; I personally use Oracle’s VM VirtualBox for this sort of task. Be sure to install a cybersecurity solution on the VM to gauge the malware’s behavior.

Finally, connect to the Internet, open your email agent, and open the attachments. You should also ask your sysadmins for some help in analyzing the behavior of the attachments’ contents after they are opened.

Wrap-up

The latest spearphishing attacks on the oil industry may very well be the harbingers of something more ominous. Shoring up our cyber-defense is vital in countering such sophisticated threats. COVID-19 has offset the balance, which is bound to attract even more malicious actors.

The post Oil Industry Targeted by Elaborate Spearphishing Attacks Amid Fuel Crisis appeared first on Heimdal Security Blog.

Ensuring Data Security with Business Process Outsourcing Companies

The business processing outsourcing industry is known for generating savings and top-quality services for their clients. Enterprises in the West started the trend and has since relied on the East for their operations.

From its beginnings in manufacturing and call centres, the industry has widened its offerings to accounting, human resources, and even professional services. This gives way to the rise of high-value outsourcing, including research and development and other innovation strategies getting outsourced. Affordable high-quality technology also made it possible for small and medium businesses to try it.

Despite its popularity, many businesses worry about the risks of outsourcing their projects to a low-cost country. This includes data and cybersecurity concerns and how these companies handle it.

Most BPO companies follow the data and compliance standards set by institutions such as ISO and HIPAA. Even when working remotely, they make sure that these standards and processes are followed.

The COVID-19 pandemic, which causes disruptions to businesses worldwide, continues to prove the flexibility of these companies in continuing their operations. This article tackles how BPO companies ensure data and cybersecurity when working from home due to the pandemic.

BPO companies and in-house employment

BPO companies value data and cybersecurity by following strict security measures in their daily operation. They keep employment in-house to monitor and ensure the security of their data. Most service providers, meanwhile, invest in high-quality infrastructures and backups in case of an electric outage and data breach.

Compliance is also mandatory for its operation. BPOs in India and the Philippines, the top outsourcing countries, apply for ISO and HIPAA standards to ensure that their operation meets the international standards. Keeping employees in-house helps process and compliance monitoring easier since the operation is done in a single location.

The impact of COVID-19 to in-house work

The global pandemic has affected the majority of businesses and in-house employment. Lockdowns in different countries have forced them to either halt operations or put their employees on remote work. The outsourcing industry also felt the challenges brought by this.

Several countries have taken measures to continue their operations and stay business as usual. Work-from-home (WFH) employees are provided with equipment and internet connection to continue their work. Skeletal workforce and those who cannot render WFH are provided with accommodations in nearby hotels and lodging.

How remote work affects security for BPOs

According to Concentrix, a distributed workforce setup in the BPO industry is highly unusual since most of the operations are kept in-house.

These companies know that remote working imposes risks in the cybersecurity of a business. An employee using a shared public network can pose a vulnerable threat to their client’s information. Without a VPN and strong firewall settings, their IP address, location, and data are exposed to malicious activities online.

Encryptions are also important in protecting the company identity. Storages with weak encryptions also give way for hackers to steal critical information and use it for fraudulent transactions online or in the real world.

How to keep up with data security

The outsourcing industry is a flexible one. With the help of technology, BPO companies maintain the security of their data and processes remotely. The flexible arrangement has been a part of their business continuity plan in these unusual times. These examples show how BPO companies in the Philippines made a solution for working from home.

Data security

Letting their employees use a personal computer or a laptop may be ideal for creative, programming, and design roles. However, it won’t work for accounting and other roles that deal with critical customer and business information.

With this, most companies provided the equipment for their tasks. Their data is either stored in the desktop’s hard disk or a cloud drive with encrypted security. Each storage is password-protected which only the employee and their employers can access.

Cybersecurity

Another risk of using a personal device for work is cybersecurity. A personal laptop does not have the adequate tools to protect their system from suspicious activities online. Using a shared connection even poses more threat to this.

Desktops provided by the companies have secured VPN and firewall that protects them for their entire operation. For employees with slow or shared connections, companies provide a portable broadband connection for a smoother workflow.

Streamlined processes

Even in remote work, BPOs imply strict measures to ensure that their processes are streamlined. Employers have mastered using work collaboration tools and other online services while in the office so they can keep track of their work in real-time.

Call centres, for instance, have a single CRM system used to record customer issues, capture information, and track issues via tickets.

The skeletal workforce, meanwhile, will supervise and monitor the progress of the deployed teams. They are also tasked to check the work quality of their employees, process transactions, close sales deals, and report to the client about their tasks.

Work collaboration

Deployed teams have little to no worries in work collaboration online. Many employees already use several tools such as Slack and Skype for communication, G Suite for documentation, and CRM apps for capturing and encoding data.

Employers also use screen monitoring software to track employees’ attendance and activities. This helps them have an overview of their performance, the total hour of their work, and the websites they have visited. Project monitoring tools, meanwhile, helps them keep track of the progress of the entire project and delegate tasks through their team.

Author Bio

Derek Gallimore is as passionate about outsourcing as he is for business and entrepreneurial-ism. Outsourcing is a booming industry. Derek believes that every business owner should be fully aware, and utilise this incredible opportunity. In response to a general lack of information, he has founded Outsource Accelerator. Outsource Accelerator is the world’s foremost independent and unbiased source of outsourcing information advisory and education.

The post Ensuring Data Security with Business Process Outsourcing Companies appeared first on Heimdal Security Blog.

Why a Reliable Firewall Is Essential to Enterprise Security?

There’s no doubt in my mind that the threatscape has changed – new malicious strains rising to wreak havoc, traditional (and outdated) countermeasures failing, ML and AI stepping up to the plate to create actionable mediation (and remediation) strategies.

In this scenario, where everything moves faster than light to keep up with the challenges, it’s quite unlikely to find something hinting to “the old ways”, which in this case, broadly refers to the whole malware-riddance “Machinarium”, with the limelight, of course, falling on the antivirus.

Yet, there is hope for ‘traditional’ solutions, the firewall beings amongst them, or, better said, the only one that has aced the test of time.

In this article, we are going to take a closer look at firewalls – how they work, why they’re still in place, how many firewall types are there, and, of course, why they should be a part of your company’s cyber-resilience plan.

What exactly is a firewall? Some tips on how to choose the best one for your company

Going back to the basics, a firewall is a network security device that monitors outgoing and incoming traffic. Basically, it’s the IT equivalent of a TSA officer (no disrespect intended, of course), checking the passengers as they pass through the airport’s security gates.

Firewalls can be physical devices (i.e. hardware firewall), but also be deployed in software form (i.e. Microsoft Windows’ Defender Firewall). Firewalls, regardless of form, do more than checking inbound/outgoing traffic – they also ensure that user-defined rules are observed.

Here’s an example of how a firewall works: in keeping with the airport controller metaphor, let’s imagine a random person going through the checkpoint. It’s the officer’s job to check that person’s ID and inquire about the destination. On the IT side, this translates to the firewall inquiring about the IP and source of the transmission.

At this point, I should introduce two concepts called whitelist and blacklist. Simple enough to understand – what’s on the whitelist is good and what’s on the blacklist is bad. Now, after the ‘inquiry’ stage, the officer will check the person’s credentials against the two lists. If he’s on the whitelist, he can go through. If not, well, he will have some explaining to do.

The same thing happens on the traffic level – incoming packages get checked. If the transmission comes from a safe source (on the white list), they will be allowed to pass. If not, the connection will be severed.

Although the term “firewall” appears to be universal, there are, in fact, several types of firewalls, each designed to address (and overcome) a certain network security challenge. Let’s take a close look at the various firewall types.

Personal firewall

Endpoint-centric traffic monitoring and management solution. Protects a single endpoint (i.e. desktop computer, laptop, tablet or smartphone) and is usually a part of a larger cybersecurity software package. For all-purpose and intent, the Windows Defender Firewall can be considered a personal firewall, interposing itself between the machine and the Internet. Software-wise, there are a lot of choices.

Packet-filtering firewall

Moving further down the list, we have yet another basic firewall type – the packet or package-filtering firewall. A little more secure compared to the personal firewall, the packet-filtering variety adds more muscle to a multi-device network, such as the ones run by small businesses.

This type of firewall has pre-determined rules and policies, which allows it to generate various types of filtering criteria: allowed IP addresses, packet protocol headers, port numbers, and the types of data-bearing packets.

Packet-filtering firewalls are what we call “in-line defenses”, meaning that they are placed at junction points such as routers or switches.

This type of firewall has but only one caveat: it simply compares the transmitted packages against a predetermined list, meaning that there’s no way to route some that get flagged are suspicious. Packet-filtering firewalls simply discard the packets that do not match the criteria. Discarded packets cease to exist. Daunting perspective, don’t you agree?

Circuit-level gateway (firewall)

The methods enumerated so far, are architecture-centric, meaning that they do not factor in the context nor the content of the data packages. Circuit-level gateways are cheap and somewhat efficient ways of providing some insight into what is being relayed during the communication.

To identify potentially malicious data packets, circuit-level gateways inspect any (and all) network protocols used during the data transmission.

This includes TCP handshakes and subsequent encryption keys. Again, this is just one of the many instruments employed to verify the context and some content. Unfortunately, it’s a blunt one, since circuit-level gateways cannot perform in-depth analyses on the packets’ content.

Stateful inspection firewall

Since the entire malware industry is focused on creating variants that circumvent detection grids, there is, indeed, a need for a firewall capable of inspecting the contents of each package. Enter the stateful inspection firewall, which is, more or less, the IT equivalent of a customs officer, in charge of checking every parcel and suitcase before the owner can retrieve it and go about his business.

Stateful inspection firewalls, albeit more expensive and difficult to deploy compared to the other items on our list, can inspect the contents of each data packet. More than that, it can ascertain whether or not that packet or ‘bundle’ is part of or has been requested during an active network session.

Another caveat that comes to mind is that stateful inspection firewalls can take quite a toll on your network’s performance, by increasing the latency. Of course, it does tend to make up for this with the extra ‘muscle’ it brings.

Proxy firewall

In every aspect, the proxy firewall can be considered the love-child of the packet-filtering firewall and the circuit-level gateway. In more technical terms, this packet-inspection technique interposes a firewall-enabled proxy server between the client (your machine) and the rest of the Internet.

Often called application-level gateways, these types of firewalls have dynamic filtering capabilities – capable of filtering packets according to the service they are attempting to access. Additionally, they can call up additional criteria, such as the HTTPS request string.

Since it’s phenotypical, the proxy firewall also has the same packet-inspection capabilities as the gateway. On the other hand, just like in the case of the stateful inspection firewall, the proxy firewall can impact your network’s performance.

Hybrid firewall

The epitome of firewall technology, hybrids combine advanced packet-scanning techniques, such as deep-packet inspection, with antivirus antimalware software. A hybrid firewall will inspect every aspect of a web browsing session, right down to the content of each transmitted packet.

More than that, hybrids have the capability of performing deep packet analyses. For instance, they can ‘figure out’ if the packets came from a legitimate source by piecing together the entire server reply, which is made of many more data packets.

As you would imagine, hybrid firewalls are the go-to solutions if you want to ensure that no malicious packets slip through. With the built-in AV\AM, it can provide HIDS and HIPS.

However, just like the other types of deep packet inspection firewalls, hybrids can also impact your network’s performance. More than that, hybrids can impact your organization’s resources as well, since they require front-end maintenance.

Simple Antivirus protection is no longer enough.

Thor Premium Enterprise

is the multi-layered Endpoint Detection and Response (EDR) approach
to organizational defense.

Next-gen Antivirus which stops known threats;
DNS traffic filter which stops unknown threats;
Automatic patches for your software and apps with no interruptions;
Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today Offer valid only for companies.

Forensic Analysis of Brute-Force Attack: Pre- and Post-Pandemic Patternization

Regardless of their nature and functionality, firewalls should offer some degree of protection against malicious connection attempts. Of course, a firewall alone cannot protect the machine against advanced, second-generation e-threats, but they can prevent less ‘sophisticated’ malicious attempts such as brute-force attacks. Despite having a lesser degree of success compared to other cyber-attacks (i.e. keyloggers) BF-type malware can become very effective if unleashed upon unsecured or poorly secured networks and/or machines.

Heimdal Security’s internal data has revealed that the number of brute-force attacks have increased exponentially in the wake of the ‘remote work exodus’. Our company’s data points out that there has been a 5% increase in BF attacks after employees were ordered to observe self-quarantine conditions.

Chronologically, a spike in BF-type aggressions has been detected in or around the 2^nd of February, coinciding with WHO’s statements regarding the coronavirus situation blowing out of proportion. Until the beginning of February, the network protection agent on a single machine would detect and block an average of 15 – 20 brute-force attempts per day.

However, moving further into February 2020, we see a significant increase in daily brute-force attacks; in some cases, our telemetry shows a 700 – 800% increase compared to the previous months (i.e. December and January).

A plausible explanation may be that the companies have had scaling trouble – infrastructure could not accommodate so many remote work requests. This, in turn, led to sysadmins focusing more on ways to solve related issues (i.e. post-transmission data-consistency, revoking super-user accounts, expanding/upgrading the hardware), while deprioritizing cybersecurity.

As mentioned, February come, the number of BF attacks has increased. Our telemetry shows a spike towards the end of the month; the ‘bulk’ (circa 10% of detected and blocked BF attacks) has been seen on the 25^th of February, the lowest count being registered on the second of the month. Below, you will find a graphical representation of how the brute-force attack phenomenon evolved throughout the month of February.

In March, WHO declares the coronavirus outbreak a pandemic. Companies around the world were either forced to shut down their operation or send their employee to work remotely. With an increase in telecommuters, both ISPs and infrastructure are under tremendous stress. Concomitantly, a rise in brute-force attack numbers is also observed.

On the average, around 5,000 brute-force attempts have been detected in May, compared to 3,500 in February (42,72% increase for the February-March timeframe). Furthermore, our telemetry shows a massive brute-force attacks spike (circa 10% of March attacks) in or around the 5^th of March, coinciding with the beginning of the work-from-home migration. See the graph below to review the March brute-force attack evolution.

Outlook

According to Heimdal Security’s data, in April, we have registered a 200% decrease of brute-force attack cases (compared to March). This dramatic drop in cases can be attributed to Heimdal’s advanced firewall brute-force attack blocking feature, that actively monitors the incoming traffic in search for data packets that match the BFA profile.

The feature is available as part of our company’s Thor Premium Enterprise cybersecurity suite. Outlook wise, our forecasts show that brute-force attacks will effectively decrease both in number and strength. Please see the graph below to review the April vs. March trend of the BFA phenomenon.

Wrap-up

In my (most humble) opinion, firewalls aren’t going anywhere. Of course, we shouldn’t rely solely on the firewall to keep e-threats at bay. That being said, a complete cybersecurity solution is the way to go forward, especially during these trying times. Stay safe!

The post Why a Reliable Firewall Is Essential to Enterprise Security? appeared first on Heimdal Security Blog.

SECURITY ALERT: Twitter Data Cache on Firefox May Have Left Your Personal Data Visible on Shared Computers

Twitter recently revealed a data privacy issue caused by the way in which Mozilla Firefox cached data, meaning that the personal information of Twitter users may have been stored in Firefox’s cache. More specifically, private files shared via direct messages and data downloads could have been saved unintentionally in the browser’s cache, even if you signed out of Twitter. This issue did not affect other browsers.

What is browser cache and how does it work?

Every time you access a website for the first time, your browser connects to its remote server. Then, the browser sends a request and the server responds, providing the HTML page, upon which the website is built. As your browser reads the HTML code, it starts sending out more requests to the server in order for the page to be displayed completely.

Since this process generally takes up a lot of bandwidth, some HTML elements will be stored for a certain amount of time in the browser on your machine. The speed at which files are loaded locally from your device will always be higher than always having to access the files from the website’s remote server. For instance, images on a website can be quite large, so when the browser caches them, this means they would only have to be downloaded once, then accessed directly from your machine. This is a huge advantage of browser caching.

Yet, there are downsides to it. Even though caching does improve the web browsing speed, sometimes it may leave users vulnerable to personal information spills – not necessarily through malicious remote connections, but for instance, by creating potential privacy issues in a public computer environment.

Going back to the Twitter data cache on Firefox, keep on reading to find out what happened and how you might have been affected.

How the Twitter-Firefox incident could have affected you

Even though this may not be a problem on single-user devices, data may have been leaked on computers with multiple users. If Twitter users logged from a public computer, their personal information could have been harvested by ill-intentioned actors.

Fortunately, according to Twitter’s statement, the stored information should have automatically been deleted after a week. The social networking giant also indicated that the issue has now been solved, so Firefox is no longer storing personal data in its cache.

“The Mozilla Firefox browser’s cache retention period is set to 7 days and after that time the information should have automatically been removed from the cache.”, said Twitter.

Other browsers like Chrome or Safari have not been affected.

According to The Register, it appears that an HTTP header may not have been used as expected, determining Firefox to store files and downloaded data. This was pointed out by Mozilla engineer Dave Townsend:

It seems that when a certain HTTP header is used (which has no defined effect on caching behaviour) Chrome has chosen to not cache the content. Firefox will cache the content unless the Cache-Control header says not to (just like all other HTTP requests).

— Dave Townsend (@EnglishMossop) April 2, 2020

Mozilla stated that this would not be remotely accessible to cybercriminals.

“When you use Firefox, cached data stays local on that device.”

“So if the data stayed in the cache, that would only have been viewable on that device.”, announced a spokesperson for The Register.

What’s more, Twitter believes the problem can be fixed on their end, possibly by changing the HTTP header in question, which means that no Firefox updates will be required.

As an additional security measure, Twitter encouraged its users to clear the browser’s cache after each session on every public computer they use to sign in:

“If you use, or have used a public or shared computer to access Twitter, we encourage you to clear the browser cache before logging out, and to be cautious about the personal information you download on a computer that other people use.”

The social media network apologized for this security hiccup and advised its users to contact Twitter’s Data Protection Officer by completing an online form for any questions or concerns.

How to clear the cache on Firefox

Here is how you can manually or automatically delete Mozilla Firefox’s cache.

Manually clearing the Firefox cache

Go to Options.

Now access Privacy & Security > Cookies and Site Data > Clear Data.

Uncheck Cookies and Site Data. Only check Cached Web Content and click the Clear button.

Automatically clearing the Firefox cache

If you wish to automatically clear the cache when Firefox closes, go to Options > Privacy & Security > History.

Select the Use custom settings for history option.

Check the Clear history when Firefox closes box and then click the Settings button.

Only check the Cache category and click OK.

Conclusion

People may be concerned about websites storing certain assets on their devices without their knowledge or consent, and for a good reason. However, the benefits of browser caching are currently greater than the risks, so in this case, the simple practice of clearing your browser cache will suffice. Also, if you’re using a solid cybersecurity solution that prevents and mitigates threats, you can rest assured you are safe online in front of both known and yet unknown threats.

The post SECURITY ALERT: Twitter Data Cache on Firefox May Have Left Your Personal Data Visible on Shared Computers appeared first on Heimdal Security Blog.

SECURITY ALERT: Zoom Under Scrutiny in Wake of UNC Patch Injection Issue Disclosure

Amid the coronavirus outbreak, Zoom Video Communication, the California-based video remote conferencing company that has become the backbone of the entire work-from-home effort, struggles to contain what can easily turn into a massive data leak.

Coined the UNC patch injection issue by @_g0dmode “Mitch”, the cybersecurity researcher who identified it in the first place, this vulnerability can be exploited to steal Windows login credentials and network information. Despite being notified in regards to the issue, Zoom has yet to come up with a more permanent solution.

Overview

Zoom has, no doubt, become an indispensable communication tool and an asset for companies who want to ensure business continuity for the duration of the pandemic.

According to The Guardian, the company has registered a 1,500% growth in shares, as more and more investors rally around Zoom’s banner. As we speak, Yuan’s brainchild has overtaken its competitors including Skype for Business, Microsoft Teams, Google’s Meet, Slack, etc. However, this “voracity” comes at a cost, as cybersecurity researcher @_g0dmode recently pointed out.

The choice for using Zoom is an obvious one – video over audio and text. Facetime is as important as exercising during remote work to promote solidarity among employees. Zoom, as most of its competitors, has many useful business-oriented features such as link-sharing, online collaboration, workspaces.

UNC Patch Injection Issue

In regards to link-sharing, tools such as Zooms usually convert URLs to shareable hyperlinks. Nothing out of the ordinary about that; in fact, this process allows the user to open the link in a web browser. This is where things tend to get a little complicated.

Per observations, Zoom’s agent doesn’t only transform URL’s into shareable hyperlinks but, at the same time, discloses UNCs (Universal Naming Convention) paths. Why does this point toward a data breach?

Going back to the basics, as you know, UNC is the standard that allows you, the user, to identify files, servers, printers, or other resources in a network (i.e. company network, home network, etc.).

UNC provides a bird-eye view to every device, file or resource that exists in a pre-defined network.

Here’s what a regular UNC path looks like “//Kansas\Example\Wicked.txt”. Now, to access the text document Wicked, you would have to call up the directory (“Example”) and the shared server it’s hosted on (“Kansas”).

So, what happens if someone would open a UNC path link? Your endpoint will attempt to open a connection to a remote site. This is achieved via an SMB (Server Message Block), a network-sharing protocol. During this negotiation, your OS shares, by default, your login name and the NTLM (NT Lan Manager) credential hash.

If the SMB server that handles these requests would be under the control of a malicious actor (hacker), then, on clicking the UNC path link, Windows will automatically leak all this info. One would be inclined to say that the malicious actor has no use for this info since nothing is stored in plaintext.

However, as @_g0dMode (Mitch) pointed out, this hash can be cracked in the blink of an eye, using open-source tools. It gets even worse – if the user forgot to change his password or uses a one, the cracking process becomes even easier.

Following the cybersecurity analyst’s disclosure, Zoom has informed all of its customers that it has taken the necessary steps to solve (and, possibly, mitigate) this issue. No timeline has been announced. Meanwhile, Microsoft has released a possible workaround for the UNC patch injection issue. I will cover this in the upcoming section.

Zoom’s #1 on the hitlist

This isn’t Zoom’s only blunder. In July 2019, EPIC (Electronic Privacy Information Center) filed a complaint against the Californian company, after several cybersecurity analysts brought to attention the fact that the Zoom app was, allegedly, designed to bypass several layers of security imposed by web browser, to access the user’s camera.

This was (allegedly) done without the user’s express consent or knowledge, for that matter. Zoom’s retort was to take down all the remote servers.

Unfortunately, Zoom’s list of blunders doesn’t end here. Recently, the company received a major backlash after Motherboard revealed that Zoom’s iOS application was covertly harvesting user data and sending it to third-parties, including Facebook.

Allegedly, this data, which included chat rolls, personal notes, audio, and video recordings, would be used in targeted Facebook advertisements and other marketing endeavors. The purpose of this article is to provide you with insight on the latest UNC patch injection issue, not to do a ‘Zoom blunders body-count’, so I’m going to stop right here.

Antivirus is no longer enough to keep an organization’s systems secure.

Thor Foresight Enterprise

Is our next gen proactive shield that stops unknown threats
before they reach your system.

Machine learning powered scans for all incoming online traffic;
Stops data breaches before sensitive info can be exposed to the outside;
Automatic patches for your software and apps with no interruptions;
Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today Offer valid only for companies.

How to use Zoom safely while working from home

I’ve put together a small list of useful advice on how to protect your data and privacy while using Zoom from home.

Restricting NTLM: Outgoing NTLM traffic to remote servers

Let’s talk about the elephant in the room, which in this case is Microsoft’s ‘hotfix’. While waiting for Zoom to remediate the issue, you can try out this temporary solution. Note that this solution only works for machines running Windows 10.

First method

If you have admin-type rights, run the Group Policy Editor and select Computer Configuration. From there, head to Windows Setting à Security Options àNetwork security: Restrict NTLM: Outgoing NTLM traffic to remote servers. Select the Deny all option and save changes.

Second method

If you’re denied access to the Group Policy Editor, try this workaround. Run the registry editor. Select HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0. Right-click on the screen, select “New”, and then select “DWORD (32-bit) Value”. Rename the newly created DWORD value to RestrictSendingNTLMTraffic. Double-click on the renamed parameter and assign it the value “2”.

Review and update your Zoom privacy settings

Before reviewing your privacy settings, ensure that your machine runs the latest Zoom version. Do keep in mind that malicious actors will always try to exploit security breaches such as unpatched or outdated apps. On the latter, I would recommend an automatic updater app to avoid the need of having to manually update them.

Thor Foresight Enterprise, our company’s award-winning DNS traffic-filtering solution, solves two major issues: blocks malicious connections to prevent malware from reaching your device and updating your apps and software on the fly.

In regards to Zoom privacy, I would also advise you to use a second device for other tasks (i.e. replying to a colleague’s DM, checking your email, Googling) to avoid Zoom’s notorious attention-tracking widget. Also, it would be a good idea to log in with your Zoom credentials than with your Facebook account to avoid data harvesting.

Wrap-up

The UNC patch injection issue remains unsolved. We are (eagerly) expecting some sort of articulated response from Zoom, considering that a whopping number of companies relies on Zoom’s software to ensure business continuity. I will update this article as soon as Zoom releases a permanent fix for the issue.

The post SECURITY ALERT: Zoom Under Scrutiny in Wake of UNC Patch Injection Issue Disclosure appeared first on Heimdal Security Blog.

Decision Making Before and During Times of Crisis: A Parallel Between Cybersecurity Incidents and the Current COVID-19 Pandemic

The coronavirus pandemic is not only the first time in history when a biological virus also affects the cybersecurity industry (through phishing attacks and COVID-19-themed malware) but the way the breakout has been handled so far also resembles how certain IT decision-makers may react when it comes to dealing with security issues.

So far, the crisis has been approached from different angles by governments around the world. The pandemic is now causing major disruptions in the way we live and work, and perhaps, irreversibly. It is an unprecedented health and economic disaster, which puts our collective ability to respond to the test.

How prepared are governments? How about us as citizens? Why don’t we all focus on prevention rather than on dealing with the consequences?

A comparison between decision making in Cybersecurity and the COVID-19 pandemic

If you think about it, in many cases, cyber-attacks and malware behave and spread in ways similar to a pandemic. Some digital threats are even called “viruses”, after all.

But how do cybersecurity leaders generally make decisions compared with how currently government officials are dealing with the COVID-19 pandemic?

Without the intention of trying to oversimplify the complexity and severity of the COVID-19 pandemic, I’ve discovered some similarities that I would like to point out.

#1. Inaction fueled by optimism bias

Even though we like to think of ourselves as rational creatures, it’s in human nature to disregard risk associated with – well, anything…

Why? The optimism bias phenomenon is to be blamed. In short, it refers to the belief that we have lower chances of being affected by negative events than other people and that we are more likely to experience positive events than our peers.

The term was coined by Neil D. Weinstein in 1980, who through his experiment discovered that most college students thought their chances of developing a drinking problem or getting divorced were lower than that of their colleagues. Simultaneously, the majority of these students also believed that the odds of positive things happening to them (such as owning a house and growing old) were much higher.

In a recent article, Marie Helweg-Larsen, Professor of Psychology, argues that certain people are refusing to change their behavior during the current coronavirus pandemic due to optimism bias. For instance, if you don’t believe chances are you may be infected, you might think that interacting with your grandmother won’t be harmful. This way, due to the infection’s uncertainty, you tend to minimize risk.

The perception around risk can be difficult to change. But since social distancing and staying at home are now typically considered the moral thing to do, people may be more likely to change their attitude when thinking about keeping others safe (and not themselves, in particular). So, no longer focusing on your own personal risk may fuel a more protective behavior.

Obviously, not only regular citizens found themselves under the optimism bias since the COVID-19 pandemic has emerged. In the same manner, leaders around the world have been crippled by inertia and tended to underestimate the critical impact the novel coronavirus would have on their countries, healthcare systems, and the economy.

How common is optimism bias in cybersecurity?

Of course, optimism bias can also be observed in the cybersecurity field. In short, this phenomenon prevents some security leaders from taking preventative measures and therefore hinders companies from achieving a good security posture.

The results of a study revealed that security executives are indeed affected by the optimistic bias. The report concludes they thought their risk to be substantially lower than that of the companies they were compared with. Furthermore, they seemed to be aware of the existing risks, yet still can not completely grasp the magnitude of a potential accident.

The same study has shown that subjects, at the very least, acknowledged their interconnectedness with their business partners. Even though they considered themselves to be less prone to risk than other companies, they seemed to perfectly understand that they could themselves become victims due to the third-parties they partnered up with. These dangers are nowadays commonly referred to as Supply Chain Attacks or Vendor Email Compromise (VEC) threats.

How to avoid bias when building your cybersecurity strategy

Biases impact decision-making processes and obviously, the cybersecurity industry is no exception to the rule.

So, how can you, as an IT decision-maker, avoid being under the influence of cognitive biases?

Here are a few points to consider:

Becoming aware of optimism bias and accepting that the phenomenon is an inherent part of us as humans. This is the first step toward taking impartial, unbiased decisions.
Looking at real-life examples. Understanding how organizations that match your own profile were impacted by cyberattacks and analyzing how your company would react when faced with a similar scenario. Would it be prepared to deal with an attack or miserably fail? How cyber resilient is your organization?
Thinking about the overall positive impact of a strong cybersecurity strategy on your business. Now, organizations should not simply begin applying scare tactics upon themselves and should start realizing how threat prevention and mitigation will keep their company up and running.

#2. Testing and micro-segmentation

So far, countries that have proved to be the most successful in managing COVID-19 infections behaved the same way cyber resilient organizations do. And the ones that failed to keep the epidemic under control did not have all the prevention and mitigation measures in place.

For instance, as the epidemic was (not so) slowly increasing, Britons were encouraged to “keep calm and carry on” and let the herd immunity strategy, which was heavily criticized in the end, do the trick. Prime Minister Boris Johnson later admitted that Britain was going through the “greatest public health crisis for a generation” and started implementing some forms of social distancing measures.

After the first American case was announced in late January, when asked if he believed this would turn into a pandemic, President’s Donald Trump response was “No. Not at all. And we have it totally under control. It’s one person coming in from China, and we have it under control. It’s going to be just fine.”

In early March, Trump was still suggesting that the virus was “less serious than the flu” and reassuring people that “It will go away. Just stay calm. It will go away.” Meanwhile, the U.S. was falling behind on testing and some Trump administration officials were responding with untruths, suggesting that anyone who wanted could get tested when in reality, the shortage of testing kits was being revealed. As of March 30, 2020, the U.S. has the most confirmed COVID-19 cases in the world, surpassing China, Italy, and Spain.

In the meantime, South Korea, Singapore, and Taiwan have managed to contain the outbreak due to diligent testing and social distancing measures.

Below you can see the number of Tests conducted vs. Total confirmed cases in different countries around the world:

Along the same lines, the same testing (or monitoring) practices should be followed in cybersecurity.

Should threats remain hidden inside your organization, there will be room for lateral movement and future exploitation. However, the spread of malware infections can be stopped if you put a segmented architecture based on Zero Trust in place. This model originates from the belief that one should never trust anything inside an organization by default and should always verify everything in the first place. Zero trust networks are based upon micro-segmentation, which divides perimeters into small areas so that certain parts of your network remain isolated and have separate access. In case a data breach occurs, micro-segmentation limits further exploitation of your network.

What’s more, simply because people aren’t displaying any visible symptoms of COVID-19, that doesn’t necessarily mean they are not infected and therefore shouldn’t get tested. There have been cases of coronavirus false-negatives so far, which leaves experts worried about this type of inaccuracy amidst the outbreak.

However, even though universal testing may sound utopic due to logistical constraints and shortage of testing kits, the same should not apply when it comes to your organization’s security.

Most nations that have had a hard time enforcing social isolation rules have witnessed COVID-19 infections growing quicker. Italy, for instance, around a week ago, when around 41,000 people were infected and the outbreak was already out of control, was charging 50,000 individuals for breaking isolation laws. Fast forward another week later, the cases in Italy had almost doubled.

On the other hand, after imposing draconian lockdown measures and despite being the outbreak’s original source, China managed to flatten the coronavirus curve. They tried to proactively find infections rather than just passively wait for symptoms to develop. As you may already know, this approach is also considered a best practice in cybersecurity.

What’s more, a study has shown that as human mobility decreased in China after social distancing measures were put in place, so did new infections.

Image source: “The effect of human mobility and control measures on the COVID-19 epidemic in China”, available here

As you can see in Graph a, human mobility dropped after January 23, 2020, and was considerably lower than compared to January 2019, when cordon sanitaire (the health measures aimed at controlling the spread of the disease) was put in place for Wuhan. And after this date, the number of coronavirus cases and infection rate also started decreasing, as you can notice in the charts below:

Image source: “The effect of human mobility and control measures on the COVID-19 epidemic in China”, available here

#3. Improving your defenses and mitigating risk

During this critical period, hospitals and governments had to beef up their defenses against COVID-19. Basically, now more medical supplies than ever, such as gloves, gowns, or ventilators, have to be purchased. Needless to say, having the right number of protective equipment is vital. However, unfortunately, many countries are unprepared, even though they should have been able to see a crisis like this one coming.

“When we have done exercises in the past for pandemic preparedness, supply chain issues were a well-documented challenge”, commented Saskia Popescu, an epidemiologist focused on hospital preparedness, for Vox.com. “This is something we’ve known about — maybe not to this extent, but this isn’t a shocker. It’s more surprising that we let it get this bad.”

Knowing that disaster could strike anytime is not to be neglected.

In a similar fashion, the same reasoning can be applied to an organization’s cybersecurity. Since being aware that cyber-attacks and data breaches can linger around the corner, would you not wish to protect your digital assets in the best possible way?

Only through proactive security measures, such as staying on top of your patching or scanning your organization’s incoming and outgoing traffic through DNS filtering coupled with reactive defenses, like using a next-gen Antivirus and then extending your defenses to email security and privileged access rights management, your organization can achieve true cyber resilience.

What organizations can learn from a cybersecurity standpoint

First of all, security leaders should accept that any organization is exposed to cyber threats. After all, it’s a matter of when (not if).

Secondly, another vital step refers to testing (or in other words, gaining visibility inside your organization). This is how you can understand exactly if or which parts of your business are being affected and in case of an existing infection, be able to address it correctly. As I’ve mentioned before, micro-segmentation is recommended. Dividing your network into different security segments with fine-grained security controls will help you isolate areas and limit the spread of a potential infection.

Last, but not least, organizations should operate with a prevention-first mindset and combine proactive and reactive protection measures. Prevention is still the best cure, after all.

Simple Antivirus protection is no longer enough.

Thor Premium Enterprise

is the multi-layered Endpoint Detection and Response (EDR) approach
to organizational defense.

Next-gen Antivirus which stops known threats;
DNS traffic filter which stops unknown threats;
Automatic patches for your software and apps with no interruptions;
Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today Offer valid only for companies.

Bottom Line

In today’s unprecedented context, how long the COVID-19 pandemic will last is still uncertain. However, what is clear is that it has raised highly complex issues and revealed serious flaws in crisis management in many countries around the world. The outbreak only shows that we are completely unprepared to deal with it. However, it’s (probably) not too late to act now, remain optimistic, and learn how to prevent future outbreaks.

The post Decision Making Before and During Times of Crisis: A Parallel Between Cybersecurity Incidents and the Current COVID-19 Pandemic appeared first on Heimdal Security Blog.

May 2020
M	T	W	T	F	S	S
« Apr
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

What does EDR mean?

Why is EDR important?

EDR vs. Antivirus – What’s the difference?

Thor Premium Enterprise

The main characteristics and benefits of EDR

#1. Integration with multiple tools

#2. Alerts, reporting, and a unified overview of your environment

#3. Advanced response capabilities and automation

#4. Global availability

#5. Prevention

Why Is HeimdalTM’s EDR technology the best on the market? Introducing E-PDR, the next-gen approach to EDR.

Thor AdminPrivilege™

Conclusion

May’s 2020 batch of Microsoft patches, the third-biggest ever released

Significant vulnerabilities to be noted

Thor AdminPrivilege™

Bottom Line

Thor Foresight Enterprise

The post-pandemic era office

Legal Implications of Returning to Work

Thor Premium Enterprise

Cybersecurity concerns in the Post-Pandemic Era

Wrap-up

What are vectors of attack?

Attack vectors vs. Attack surface

Attack vector examples in cybersecurity

#1. Insider Threats

#2. Phishing

#3. Business partners

#4. Weak or compromised login credentials

#5. Ransomware / Malware

How to protect your organization from threat vectors

#1. Educate your employees

#2. Apply the Principle of Least Privilege (PoLP)

Thor AdminPrivilege™

#3. Use the right cybersecurity tools

Thor Premium Enterprise

To Sum Up

Case Study

ENPPI and the Rosetta Sharing Facilities Project

Case study

MT. Sinar Maluku spearphishing

Pre-COVID Spearphishing Attacks in the Oil/Energy Industry

Thor Foresight Enterprise

Countering Spearphishing attempts

Continuous cybersecurity education

Upgrade your cyber-defenses

Download and execute suspicious attachments in a controlled environment

Wrap-up

BPO companies and in-house employment

The impact of COVID-19 to in-house work

How remote work affects security for BPOs

How to keep up with data security

Data security

Cybersecurity

Streamlined processes

Work collaboration

What exactly is a firewall? Some tips on how to choose the best one for your company

Personal firewall

Packet-filtering firewall

Circuit-level gateway (firewall)

Stateful inspection firewall

Proxy firewall

Hybrid firewall

Thor Premium Enterprise

Forensic Analysis of Brute-Force Attack: Pre- and Post-Pandemic Patternization

Outlook

Wrap-up

What is browser cache and how does it work?

How the Twitter-Firefox incident could have affected you

How to clear the cache on Firefox

Manually clearing the Firefox cache

Automatically clearing the Firefox cache

Conclusion

Overview

UNC Patch Injection Issue

Zoom’s #1 on the hitlist

Thor Foresight Enterprise

How to use Zoom safely while working from home

Restricting NTLM: Outgoing NTLM traffic to remote servers

Why Is Heimdal^TM’s EDR technology the best on the market? Introducing E-PDR, the next-gen approach to EDR.